我有一個問題,我不知道如何解決。我的專案有一個微服務模型(基于Volo ABP微服務演示),我有一個包含所有檢索資料方法的 API,一個充當我所有專案的授權機構的 AuthServer,以及一個轉換請求的網關。
這就是我在Gateway專案中配置身份驗證的方式:
public override void ConfigureServices(ServiceConfigurationContext context)
{
IdentityModelEventSource.ShowPII = true;
var configuration = context.Services.GetConfiguration();
Configure<AbpMultiTenancyOptions>(options =>
{
options.IsEnabled = SidesysMicroservicesConsts.IsMultiTenancyEnabled;
});
context.Services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.ApiName = configuration["AuthServer:ApiName"];
options.RequireHttpsMetadata = false;
});
context.Services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "VirtualSpace Gateway API", Version = "v1" });
options.DocInclusionPredicate((docName, description) => true);
options.CustomSchemaIds(type => type.FullName);
});
context.Services.AddOcelot(context.Services.GetConfiguration());
Configure<AbpDbContextOptions>(options =>
{
options.UseSqlServer();
});
context.Services.AddCors(options =>
{
options.AddPolicy(DefaultCorsPolicyName, builder =>
{
builder
.WithOrigins(
configuration["App:CorsOrigins"]
.Split(",", StringSplitOptions.RemoveEmptyEntries)
.Select(o => o.RemovePostFix("/"))
.ToArray()
)
.WithAbpExposedHeaders()
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
//context.Services.AddStackExchangeRedisCache(options =>
//{
// options.Configuration = configuration["Redis:Configuration"];
//});
//var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);
//context.Services.AddDataProtection()
// .PersistKeysToStackExchangeRedis(redis, "MsDemo-DataProtection-Keys");
}
我的資料庫中有角色和不同的用戶,因此為了檢索令牌,我使用/connect/token來自 AuthServer的URL 和相應的角色,為此,我使用 Postman 和相應的標頭。一旦我檢索到我需要的令牌,我將使用 Postman 和來自Gateway(我的網關在埠 44377 上運行)的相應 URL以及相應的“授權”標頭及其令牌值和“承載”身份驗證方案,此請求將轉換為他們相應 API 的 URL(它在埠 44320 上運行) 我需要做的 URL 請求,例如,http://localhost:44377/api/virtualspaceattention/GetSourceUsers它將被轉換為http://localhost:44320//api/virtualspaceattention/VirtualSpaceAttention/GetSourceUsers.
這里的問題是,無論我使用什么令牌,每次我都會收到相同的日志錯誤:
Request starting HTTP/1.1 GET http://localhost:44377/api/virtualspaceattention/GetSoruceUsers - -
2022-01-07 17:00:47.928 -03:00 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match key:
kid: 'C99C917C5E43906FE6A88DDF28E73628'.
Exceptions caught:
''.
token: '{"alg":"RS256","kid":"C99C917C5E43906FE6A88DDF28E73628","typ":"at jwt"}.{"nbf":1640913147,"exp":1672449147,"iss":"http://localhost/authserver","aud":["VirtualSpace","VirtualSpaceGateway"],"client_id":"virtualSpace","iat":1640913147,"scope":["VirtualSpace","VirtualSpaceGateway"]}'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2022-01-07 17:00:48.025 -03:00 [INF] Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match key:
kid: 'C99C917C5E43906FE6A88DDF28E73628'.
Exceptions caught:
''.
token: '{"alg":"RS256","kid":"C99C917C5E43906FE6A88DDF28E73628","typ":"at jwt"}.{"nbf":1640913147,"exp":1672449147,"iss":"http://localhost/authserver","aud":["VirtualSpace","VirtualSpaceGateway"],"client_id":"virtualSpace","iat":1640913147,"scope":["VirtualSpace","VirtualSpaceGateway"]}'.
我比較了通過/connect/tokenURL檢索到的令牌,與請求當前使用的令牌不同。我已經使用JWT 網站檢查了它的屬性,它似乎使用了一個快取在某處的令牌,但我不知道它在哪里處理它。
我將在此處粘貼來自JWT 網站的值以進行比較:
{
"alg": "RS256",
"kid": "1C700F5BA873DCA75C9CEC6B36118026",
"typ": "at jwt"
}
{
"nbf": 1641586212,
"exp": 1673122212,
"iss": "http://localhost:44399",
"aud": [
"VirtualSpace",
"VirtualSpaceGateway"
],
"client_id": "virtualSpace",
"sub": "87861a01-4486-17b8-c6d6-3a01476f3851",
"auth_time": 1641586212,
"idp": "local",
"tenantid": "0a1ea190-866c-3522-010e-3a014784d83d",
"operator_description": "Operador 1",
"role": "operator",
"email": "[email protected]",
"email_verified": "False",
"name": "operatorOne",
"iat": 1641586212,
"scope": [
"VirtualSpace",
"VirtualSpaceGateway"
],
"amr": [
"pwd"
]
}
我發現比較令牌的兩件事:
- “iss”:“http://localhost:44399”和“iss”:“http://localhost/authserver”,這些值是不同的。我曾經通過 IIS 運行我的 AuthServer,但我不再是了。
- “孩子”:“1C700F5BA873DCA75C9CEC6B36118026”和“孩子”:“C99C917C5E43906FE6A88DDF28E73628”。這些肯定不一樣。同樣,這個舊令牌似乎存盤在某個地方。
任何建議將不勝感激。TIA。
uj5u.com熱心網友回復:
問題出在瀏覽器上。即使您選擇token了該Application選項,谷歌瀏覽器似乎也會將其存盤在選項卡中Disable cache。即使您強制頁面清空快取并強制重新加載,token也會保留在那里。
在Application選項卡中,您需要清理該Storage部分下的所有內容才能解決此問題。老實說,這是一場噩夢,在我意識到這一點之前,我幾乎浪費了一整天的時間來想出一個解決方案。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/408727.html
標籤:
